This is the accessible text file for GAO report number GAO-08-213T 
entitled 'Single Audit Quality: Actions Needed to Address Persistent 
Audit Quality Problems' which was released on October 26, 2007. 

This text file was formatted by the U.S. Government Accountability 
Office (GAO) to be accessible to users with visual impairments, as part 
of a longer term project to improve GAO products' accessibility. Every 
attempt has been made to maintain the structural and data integrity of 
the original printed product. Accessibility features, such as text 
descriptions of tables, consecutively numbered footnotes placed at the 
end of the file, and the text of agency comment letters, are provided 
but may not exactly duplicate the presentation or format of the printed 
version. The portable document format (PDF) file is an exact electronic 
replica of the printed version. We welcome your feedback. Please E-mail 
your comments regarding the contents or accessibility features of this 
document to Webmaster@gao.gov. 

This is a work of the U.S. government and is not subject to copyright 
protection in the United States. It may be reproduced and distributed 
in its entirety without further permission from GAO. Because this work 
may contain copyrighted images or other material, permission from the 
copyright holder may be necessary if you wish to reproduce this 
material separately. 

Testimony: 

Before the Senate Subcommittee on Federal Financial Management, 
Government Information, Federal Services, and International Security, 
Committee on Homeland Security and Governmental Affairs, U.S. Senate: 

United States Government Accountability Office: 

GAO: 

For Release on Delivery Expected at 2:30 p.m. EDT: 

Thursday, October 25, 2007: 

Single Audit Quality: 

Actions Needed to Address Persistent Audit Quality Problems: 

Statement of Jeanette M. Franzel Director, Financial Management and 
Assurance: 

GAO-08-213T: 

GAO Highlights: 

Highlights of GAO-08-213T, a testimony before the Subcommittee on 
Federal Financial Management, Government Information, Federal Services, 
and International Security, Committee on Homeland Security and 
Governmental Affairs, U.S. Senate. 

Why GAO Did This Study: 

Federal government grants to state and local governments have risen 
substantially, from $7 billion in 1960 to almost $450 billion budgeted 
in 2007. The single audit is an important mechanism of accountability 
for the use of federal grants by nonprofit organizations as well as 
state and local governments. However, the quality of single audits 
conducted under the Single Audit Act, as amended, has been a 
longstanding area of concern since the passage of the act in 1984. The 
President’s Council on Integrity and Efficiency (PCIE) recently issued 
its Report on National Single Audit Sampling Project, which raises 
concerns about the quality of single audits and makes recommendations 
aimed at improving the effectiveness and efficiency of those audits. 
This testimony provides (1) GAO’s perspective on the history and 
importance of the Single Audit Act and the principles behind the act, 
(2) a preliminary analysis of the recommendations made by the PCIE for 
improving audit quality, and (3) additional considerations for 
improving the quality of single audits. 

What GAO Found: 

In the early 1980s, Congress had concerns about a lack of adequate 
oversight and accountability for federal assistance provided to state 
and local governments. In response to concerns that large amounts of 
federal financial assistance were not subject to audit and that 
agencies sometimes overlapped on oversight activities, Congress passed 
the Single Audit Act of 1984. The act adopted the single audit concept 
to help meet the needs of federal agencies for grantee oversight as 
well as grantees’ needs for single, uniformly structured audits. GAO 
supported the passage of the Single Audit Act, and continues to support 
the single audit concept and principles behind the act as a key 
accountability mechanism for federal grant awards. However, the quality 
of single audits has been a longstanding area of concern since the 
passage of the act in 1984. 

In its June 2007 Report on National Single Audit Sampling Project, the 
PCIE found that, overall, approximately 49 percent of single audits 
fell into the acceptable group, with the remaining 51 percent having 
deficiencies severe enough to classify the audits as limited in 
reliability or unacceptable. PCIE found a significant difference in 
results by audit size. Specifically, 63.5 percent of the large audits 
(with $50 million or more in federal award expenditures) were deemed 
acceptable compared with only 48.2 percent of the smaller audits (with 
at least $500,000 but less than $50 million in federal award 
expenditures). The PCIE report presents compelling evidence that a 
serious problem with single audit quality continues to exist. GAO is 
concerned that audits are not being conducted in accordance with 
professional standards and requirements. These audits may provide a 
false sense of assurance and could mislead users of the single audit 
reports. 

The PCIE report recommended a three-pronged approach to reduce the 
types of deficiencies found and to improve the quality of single 
audits: (1) revise and improve single audit standards, criteria, and 
guidance; (2) establish minimum continuing professional education (CPE) 
as a prerequisite for auditors to be eligible to be able to conduct and 
continue to perform single audits; and (3) review and enhance the 
disciplinary processes to address unacceptable audits and for not 
meeting training and CPE requirements. 

In this testimony, GAO supports PCIE’s recommendations and points out 
issues that need to be resolved regarding the proposed training and 
other factors that merit consideration when determining actions to 
improve audit quality. GAO believes that there may be opportunities for 
considering size when implementing future actions to improve the 
effectiveness and quality of single audits. In addition, a separate 
effort considering the overall framework for single audits could answer 
such questions as whether simplified alternatives can achieve cost-
effective accountability in the smallest audits; whether current 
federal oversight processes for single audits are adequate; and what 
role the auditing profession can play in increasing single audit 
quality. 

What GAO Recommends: 

GAO supports PCIE’s recommendations and points out factors for 
consideration in determining actions, including (1) audit quality 
problems by size of audit and (2) the distribution of audits by size. 
GAO also suggests a separate effort to evaluate the framework for 
single audits. 

To view the full product, including the scope and methodology, click on 
GAO-08-213T. For more information, contact Jeanette Franzel at (202) 
512-9471 or franzelj@gao.gov. 

[End of section] 

Mr. Chairman and Members of the Subcommittee: 

I am pleased to be here today to discuss GAO's analysis of the results 
of the Report on National Single Audit Sampling Project[Footnote 1] 
recently issued by the President's Council on Integrity and Efficiency 
(PCIE) under the direction of the Office of Management and Budget 
(OMB). First, I would like to commend the PCIE for conducting this 
comprehensive and important study dealing with the quality of single 
audits. The single audit is a key accountability mechanism over the use 
of federal grants and other awards. In fiscal year 2007, $449 billion 
in federal grants was budgeted to state and local governments. The PCIE 
report raises significant concerns about the quality of single audits, 
and makes recommendations aimed at improving the effectiveness and 
efficiency of those audits. 

Today, I will provide (1) GAO's perspective on the history and 
importance of the Single Audit Act and the principles behind the act, 
(2) our preliminary analysis of the recommendations made by the PCIE 
for improving audit quality, and (3) additional factors for 
consideration for improving the quality of single audits. My statement 
today is based on our continuing work as the standards setter for 
generally accepted government auditing standards (GAGAS) and our 
related work in the area of single audits, including ongoing 
interaction with key stakeholders in the single audit process and 
members of the auditing profession providing single audit services to 
recipients of federal awards. In addition, this statement is based on 
our analysis of the PCIE report, and our discussions with the PCIE 
project team, the American Institute of Certified Public Accountants 
(AICPA), and OMB. 

Evolution of the Single Audit Act and Its Underlying Principles: 

In the early 1980s, Congress had concerns about a lack of adequate 
oversight and accountability for federal assistance[Footnote 2] 
provided to state and local governments. Before passage of the Single 
Audit Act in 1984 (the act), the federal government relied on audits of 
individual grants to help gain assurance that state and local 
governments were properly spending federal assistance. Those audits 
focused on whether the transactions of specific grants complied with 
program requirements. The audits usually did not address financial 
controls and were, therefore, unlikely to find systemic problems with 
an entity's fund management. Further, individual grant audits were 
conducted on a haphazard schedule, which resulted in large portions of 
federal funds being unaudited each year. In addition, the auditors 
conducting the individual grant audits did not coordinate their work 
with the auditors of other programs. As a result, some entities were 
subject to numerous grant audits each year, while others were not 
audited for long periods. 

In response to concerns that large amounts of federal financial 
assistance were not subject to audit and that agencies sometimes 
overlapped on oversight activities, Congress passed the Single Audit 
Act of 1984.[Footnote 3] The act stipulated that state and local 
governments that received at least $100,000 in federal financial 
assistance in a fiscal year have a single audit conducted for that 
year. The concept of a single audit was created to replace multiple 
grant audits with one audit of an entity as a whole. State and local 
governments which received between $25,000 and $100,000 in federal 
financial assistance had the option of complying with audit 
requirements of the act or the audit requirements of the federal 
program(s) that provided the assistance. The objectives of the Single 
Audit Act, as amended, are to: 

* promote sound financial management, including effective internal 
control, with respect to federal awards administered by nonfederal 
entities; 

* establish uniform requirements for audits of federal awards 
administered by nonfederal entities; 

* promote the efficient and effective use of audit resources; 

* reduce burdens on state and local governments, Indian tribes, and 
nonprofit organizations; and: 

* ensure that federal departments and agencies, to the maximum extent 
practicable, rely upon and use audit work done pursuant to the act. 

The Single Audit Act adopted the single audit concept to help meet the 
needs of federal agencies for grantee oversight as well as grantees' 
needs for single, uniformly structured audits. Rather than being a 
detailed review of individual grants or programs, the single audit is 
an organizationwide financial statement audit that includes the audit 
of the Schedule of Expenditures of Federal Awards (SEFA)[Footnote 4] 
and also focuses on internal control and the recipient's compliance 
with laws and regulations governing the federal financial assistance 
received. The act also required that grantees address material 
noncompliance and internal control weaknesses in a corrective action 
plan, which is to be submitted to appropriate federal officials. The 
act further required that single audits be performed in accordance with 
GAGAS issued by GAO. These standards provide a framework for conducting 
high-quality financial audits[Footnote 5] with competence, integrity, 
objectivity, and independence. 

The Single Audit Act Amendments of 1996[Footnote 6] refined the Single 
Audit Act of 1984 and established uniform requirements for all federal 
grant recipients. The refinements cover a range of fundamental areas 
affecting the single audit process and single audit reporting, 
including provisions to: 

* extend the law to cover all recipients of federal financial 
assistance, including, in particular, nonprofit organizations, 
hospitals, and universities; 

* ensure a more cost-beneficial threshold for requiring single audits; 

* more broadly focus audit work on the programs that present the 
greatest financial risk to the federal government; 

* provide for timely reporting of audit results; 

* provide for summary reporting of audit results; 

* promote better analyses of audit results through establishment of a 
federal clearinghouse and an automated database; and: 

* authorize pilot projects to further streamline the audit process and 
make it more useful. 

The 1996 amendments required the Director of OMB to designate a Federal 
Audit Clearinghouse (FAC) as the single audit repository,[Footnote 7] 
required the recipient entity to submit financial reports and related 
audit reports to the clearinghouse no later than 9 months after the 
recipient's year-end, and increased the audit threshold to $300,000. 
The criteria for determining which entities are required to have a 
single audit are based on the total amount of federal awards[Footnote 
8] expended by the entity. The initial dollar thresholds were designed 
to provide adequate audit coverage of federal funds without placing an 
undue administrative burden on entities receiving smaller amounts of 
federal assistance. When the act was passed, the dollar threshold 
criteria for the audit requirement were targeted toward achieving audit 
coverage for 95 percent of direct federal assistance to local 
governments. As part of OMB's biennial threshold review required by the 
1996 amendments, OMB increased the dollar threshold for requirement of 
a single audit to $500,000 in 2003 for fiscal years ending after 
December 31, 2003. 

Federal oversight responsibility for implementation of the Single Audit 
Act is currently shared among various entities--OMB, federal agencies, 
and their respective Offices of Inspector General (OIG). The Single 
Audit Act assigned OMB the responsibility of prescribing policies, 
procedures, and guidelines to implement the uniform audit requirements 
and required each federal agency to amend its regulations to conform to 
the requirements of the act and OMB's policies, procedures, and 
guidelines. OMB issued Circular No. A-133, Audits of States, Local 
Governments, and Non-Profit Organizations, which sets implementing 
guidelines for the audit requirements and defines roles and 
responsibilities related to the implementation of the Single Audit 
Act.[Footnote 9] The federal agency that awards a grant to a recipient 
is responsible for ensuring recipient compliance with federal laws, 
regulations, and the provisions of the grant agreements. The awarding 
agency is also responsible for overseeing whether the single audits are 
completed in a timely manner in accordance with OMB Circular No. A-133 
and for providing annual updates of the Compliance Supplement[Footnote 
10] to OMB. Some federal agencies rely on the OIG to perform quality 
control reviews (QCR) to assess whether single audit work performed 
complies with OMB Circular No. A-133 and auditing standards. 

The grant recipient (auditee) is responsible for ensuring that a single 
audit is performed and submitted when due, and for following up and 
taking corrective action on any audit findings. The auditor of the 
grant recipient is required to perform the audit in accordance with 
GAGAS. A single audit consists of (1) an audit and opinions on the fair 
presentation of the financial statements and the SEFA; (2) gaining an 
understanding of internal control over federal programs and testing 
internal control over major programs; and (3) an audit and an opinion 
on compliance with legal, regulatory, and contractual requirements for 
major programs. The audit also includes the auditor's schedule of 
findings and questioned costs, and the auditee's corrective action 
plans and a summary of prior audit findings that includes planned and 
completed corrective actions. Under GAGAS, auditors are required to 
report on significant deficiencies in internal control and on 
compliance associated with the audit of the financial statements. 

Recipients expending more than $50 million in federal funding ($25 
million prior to December 31, 2003) are required to have a cognizant 
federal agency for audit in accordance with OMB Circular No. A-133. The 
cognizant agency for audit is the federal awarding agency that provides 
the predominant amount of direct funding to a recipient unless OMB 
otherwise makes a specific cognizant agency assignment. The cognizant 
agency for audit provides technical audit advice, considers requests 
for extensions to the submission due date for the recipient's reports, 
obtains or conducts QCRs, coordinates management decisions for audit 
findings, and conducts other activities required by OMB Circular No. A- 
133. According to OMB officials, the FAC single audit database 
generates a listing of those agencies that should be designated 
cognizant agencies for audit based on information on recipients 
expending more than $50 million. The officials also stated that OMB is 
responsible for notifying both the recipient and cognizant agency for 
audit of the assignment. Federal award recipients that do not have a 
cognizant agency for audit are assigned an oversight agency for audit, 
which provides technical advice and may assume some or all of the 
responsibilities normally performed by a cognizant agency for audit. 

Federal grant awards to state and local governments have increased 
significantly since the Single Audit Act was passed in 1984. Because 
single audits represent the federal government's primary accountability 
tool over billions of dollars each year in federal funds provided to 
state and local governments and nonprofit organizations, it is 
important that these audits are carried out efficiently and 
effectively. As shown in figure 1, the federal government's use of 
grants to state and local governments has risen substantially, from $7 
billion in 1960 to almost $450 billion budgeted in 2007. 

Figure 1: Increase in Federal Grant Awards to State and Local 
Governments between 1960 and 2007: 

This figure is a bar chart showing the increase in federal grant awards 
to state and local governments between 1960 and 2007. 

[See PDF for image] 

Source: OMB. 

Notes: Data from the Budget for Fiscal Year 2008, Historical Tables. 
The above figures do not include grants made directly by federal 
agencies to nongovernmental organizations. 

[A] The Single Audit Act was enacted in 1984. 

[End of figure] 

GAO supported the passage of the Single Audit Act, and we continue to 
support the single audit concept and principles behind the act as a key 
accountability mechanism over federal grant awards. However, the 
quality of single audits conducted under this legislation has been a 
longstanding area of concern since the passage of the Single Audit Act 
in 1984. During the 1980s, GAO issued reports[Footnote 11] that 
identified concerns with single audit quality, including issues with 
insufficient evidence related to audit planning, internal control and 
compliance testing, and the auditors' adherence to GAGAS. The federal 
Inspectors General as well have found similar problems with single 
audit quality. The deficiencies we cited during the 1980s were similar 
in nature to those identified in the recent PCIE report. 

Results of PCIE Report Identify Serious Single Audit Quality Issues: 

In June 2002, GAO and OMB testified at a House of Representatives 
hearing about the importance of single audits and their 
quality.[Footnote 12] In its testimony,[Footnote 13] OMB identified 
reviews of single audit quality performed by several federal agencies 
that disclosed deficiencies. However, OMB emphasized that an accurate 
statistically based measure of audit quality was needed, and should 
include both a baseline of the current status and the means to monitor 
quality in the future. We also recognized in our testimony the need for 
a solution or approach to evaluate the overall quality of single 
audits. 

To gain a better understanding of the extent of single audit quality 
deficiencies, OMB and several federal OIGs decided to work together to 
develop a statistically based measure of audit quality, known as the 
National Single Audit Sampling Project. The work was conducted by a 
committee of representatives from the PCIE, the Executive Council on 
Integrity and Efficiency (ECIE), and three State Auditors, with the 
work effort coordinated by the U.S. Department of Education OIG. The 
Project had two primary objectives: 

* to determine the quality of single audits by performing QCRs of a 
statistical sample of single audits, and: 

* to make recommendations to address any audit quality issues noted. 

The project conducted QCRs of a statistical sample of 208 audits 
randomly selected from a universe of over 38,000 audits submitted and 
accepted for the period April 1, 2003, through March 31, 2004. The 
sample was split into two strata: 

* Stratum 1: entities with $50 million or more in federal award 
expenditures, and: 

* Stratum 2: entities with less than $50 million in federal award 
expenditures (with at least $500,000). 

The above split in the sample strata corresponds with the current 
threshold for designating a cognizant agency, which is for entities 
that expend more than $50 million in a year in federal awards. Table 1 
shows the universe and strata used in the analysis and the reviews 
completed in the National Single Audit Sampling Project. 

Table 1: Sample Universe for National Single Audit Sampling Project: 

Stratum 1[A]; 
Sample size: 96; 
Universe: 852; 
Total federal awards for audits in universe (dollars in billions): 
737.2. 

Stratum 2[B]; 
Sample size: 112; 
Universe: 37,671; 
Total federal awards for audits in universe (dollars in billions): 
143.1. 

Total; 
Sample size: 208; 
Universe: 38,523; 
Total federal awards for audits in universe (dollars in billions): 
880.2. 

Source: President's Council on Integrity and Efficiency and Executive 
Council on Integrity and Efficiency. 

Notes: Data from Report on National Single Audit Sampling Project (June 
21, 2007). The $880.2 billion differs from the federal grant funding 
for the audit period covered in the PCIE report due to the double 
counting associated with pass-through entities that provide federal 
awards to a subrecipient to carry out a federal program. 

[A] Entities with $50 million in federal award expenditures. 

[B] Entities with <$50 million in federal award expenditures (with at 
least $500,000). 

[End of table] 

The project covered portions of the single audit relating to the 
planning, conducting, and reporting of audit work related to (1) the 
review and testing of internal control and (2) compliance testing 
pertaining to compliance requirements for selected major federal 
programs. The scope of the project included review of audit work 
related to the SEFA and the content of all of the auditors' reports on 
the federal programs. The project did not review the audit work and 
reporting related to the general purpose financial statements. 

The PCIE project team categorized the audits based on the results of 
the QCRs into the following three groups: 

* Acceptable--No deficiencies were noted or one or two insignificant 
deficiencies were noted. This group also includes the subgroup, 
Accepted with Deficiencies, which is defined as one or more 
deficiencies with applicable auditing criteria noted that do not 
require corrective action for the engagement, but should be corrected 
on future engagements. Audits categorized into this subgroup have 
limited effect on reported results and do not call into question the 
auditor's report. Examples of deficiencies that fall into this subgroup 
are (1) not including all required information in the audit findings; 
(2) not documenting the auditor's understanding of internal control, 
but testing was documented for most applicable compliance requirements; 
and (3) not documenting internal control or compliance testing for a 
few applicable compliance requirements. 

* Limited Reliability--Contains significant deficiencies related to 
applicable auditing criteria and requires corrective action to afford 
reliance upon the audit. Deficiencies for audits categorized into this 
group have a substantial effect on some of the reported results and 
raise questions about whether the auditors' reports are correct. 
Examples of deficiencies that fall into this category are (1) 
documentation did not contain adequate evidence of the auditors' 
understanding of internal control or testing of internal control for 
many or all compliance requirements; however, there was evidence that 
most compliance testing was performed; (2) lack of evidence that work 
related to the SEFA was adequately performed; and (3) lack of evidence 
that audit programs were used for auditing internal control, 
compliance, and/or the SEFA. 

* Unacceptable--Substandard audits with deficiencies so serious that 
the auditors' opinion on at least one major program cannot be relied 
upon. Examples of deficiencies that fall into this group are (1) no 
evidence of internal control testing and compliance testing for all or 
most compliance requirements for one or more major programs, (2) 
unreported audit findings, and (3) at least one incorrectly identified 
major program. 

As shown in table 2, the PCIE study estimated that, overall, 
approximately 49 percent of the universe of single audits fell into the 
acceptable group. This percentage also includes "accepted with 
deficiencies." The remaining 51 percent had deficiencies that were 
severe enough to cause the audits to be classified as having limited 
reliability or being unacceptable. Specifically, for the 208 audits 
drawn from the universe, the statistical sample showed the following 
about the single audits reviewed in the PCIE study:[Footnote 14] 

* 115 were acceptable and thus could be relied upon. This includes the 
category of "accepted with deficiencies." Based on this result, the 
PCIE study estimated that 48.6 percent of the entire universe of single 
audits were acceptable. 

* 30 had significant deficiencies and thus were of limited reliability. 
Based on this result, the PCIE study estimated that 16.0 percent of the 
entire universe of single audits was of limited reliability. 

* 63 were unacceptable and could not be relied upon.[Footnote 15] Based 
on this result, the PCIE study estimated that 35.5 percent of the 
entire universe of single audits was unacceptable. 

Table 2: Audit Quality by Groupings with Statistical Estimates of Audit 
Quality Based on Numbers of Audits: 

Stratum 1[A]; 
Acceptable: 61 63.5%; 
Limited reliability: 12 12.5%; 
Unacceptable: 23 24.0%; 
In sample: 96; 
In universe: 852. 

Stratum 2[B]; 
Acceptable: 54 48.2%; 
Limited reliability: 18 16.1%; 
Unacceptable: 40 35.7%; 
In sample: 112; 
In universe: 37,671. 

Total; 
Acceptable: 115 48.6%; 
Limited reliability: 30 16.0%; 
Unacceptable: 63 35.5%; 
In sample: 208; 
In universe: 38,523. 

Source: President's Council on Integrity and Efficiency and Executive 
Council on Integrity and Efficiency. 

Notes: Data from Report on National Single Audit Sampling Project (June 
21, 2007). 

[A] Entities with $50 million in federal award expenditures. 

[B] Entities with <$50 million in federal award expenditures (with at 
least $500,000). 

[End of table] 

It is important to note the significant difference in results in the 
two strata. Specifically, 63.5 percent of the audits of entities in 
stratum 1 (those expending $50 million or more in federals awards) were 
deemed acceptable, while 48.2 percent of audits in stratum 2 (those 
expending at least $500,000 but less than $50 million) were deemed 
acceptable. 

Because of these differences, it is also important to analyze the 
results in terms of federal dollars. For the 208 audits drawn from the 
entire universe, the statistical sample showed the following about the 
single audits reviewed in the PCIE study: 

* The 115 acceptable audits represented 92.9 percent of the value of 
federal award amounts reported in all 208 audits the PCIE study 
reviewed. 

* The 30 audits of limited reliability represented 2.3 percent of the 
value of federal award amounts reported in all 208 audits the PCIE 
study reviewed. 

* The 63 unacceptable audits represented 4.8 percent of the value of 
federal award amounts reported in all 208 audits the PCIE study 
reviewed. 

The dollar distributions for the 208 audits reviewed in the study are 
shown in table 3. 

Table 3: Results--Distribution of Dollars of Federal Awards Reported in 
the 208 Audits: 

Stratum 1[A]; 
Acceptable: $52.9 billion 93.2%; 
Limited reliability: $1.3 billion 2.2%; 
Unacceptable: $2.6 billion 4.6%; 
Total: $56.8 billion 100%. 

Stratum 2[B]; 
Acceptable: $232.0 million 56.3%; 
Limited reliability: $39.7 million 9.6%; 
Unacceptable: $140.5 million 34.1%; 
Total: $412.2 million 100%. 

Total; 
Acceptable: $53.1 billion 92.9%; 
Limited reliability: $1.3 billion 2.3%; 
Unacceptable: $2.7 billion 4.8%; 
Total: $57.2 million 100%. 

Source: President's Council on Integrity and Efficiency and Executive 
Council on Integrity and Efficiency. 

Notes: Data from Report on National Single Audit Sampling Project (June 
21, 2007). 

[A] Entities with $50 million in federal award expenditures. 

[B] Entities with <$50 million in federal award expenditures (with at 
least $500,000). 

[End of table] 

The most prevalent deficiencies related to the auditors' lack of 
documenting: 

* an understanding of internal control over compliance requirements, 

* testing of internal control of at least some compliance requirements, 
and: 

* compliance testing of at least some compliance requirements. 

The PCIE report states that for those audits not in the acceptable 
group, the project team believes that lack of due professional care was 
a factor for most deficiencies to some degree. The term due 
professional care refers to the responsibility of independent auditors 
to observe professional standards of auditing. GAGAS further elaborate 
on this concept in the standard on Professional Judgment. Under this 
standard, auditors must use professional judgment in planning and 
performing audits and in reporting the results, which includes 
exercising reasonable care and professional skepticism. Reasonable care 
concerns acting diligently in accordance with applicable professional 
standards and ethical principles. Using professional judgment in all 
aspects of carrying out their professional responsibilities--including 
following the independence standards, maintaining objectivity and 
credibility, assigning competent audit staff to the assignment, 
defining the scope of work, evaluating and reporting the results of the 
work, and maintaining appropriate quality control over the assignment 
process--is essential to performing a high quality audit. 

We previously noted similar audit quality problems in prior reports. In 
December 1985, we reported[Footnote 16] that problems found by OIGs in 
the course of QCRs mostly related to lack of documentation showing 
whether and to what extent auditors performed testing of compliance 
with laws and regulations. In March 1986, we reported[Footnote 17] that 
our own review of single audits showed that auditors performing single 
audits frequently did not satisfactorily comply with professional 
auditing standards. The predominant issues that we found in our 
previous reviews were insufficient audit work in testing compliance 
with governmental laws and regulations and evaluating internal 
controls. We also observed, through discussions with the auditors and 
reviews of their work, that many did not understand the nature and 
importance of testing and reporting on compliance with laws and 
regulations, or the importance of reporting on internal control and the 
relationship between reporting and the extent to which auditors 
evaluated controls. As a result, in 1986, we reported that the public 
accounting profession needed to (1) improve its education efforts to 
ensure that auditors performing single audits better understand the 
auditing procedures required, and (2) strengthen its enforcement 
efforts in the area of governmental auditing to help ensure that 
auditors perform those audits in a quality manner. 

Similar to our prior work, the PCIE report presents compelling evidence 
that a serious problem with single audit quality continues to exist. 
The PCIE study also reveals that the rate of acceptable audits for 
organizations with $50 million or more in federal expenditures was 
significantly higher than for audits for organizations with smaller 
amounts of federal expenditures. The results also showed that overall, 
a significant number of audits fell into the groups of limited 
reliability with significant deficiencies and unacceptable. 

In our view, the current status of single audit quality is 
unacceptable. We are concerned that audits are not being conducted in 
accordance with professional standards and requirements. These audits 
may provide a false sense of assurance and could mislead users of audit 
reports regarding issues of compliance and internal control over 
federal programs. 

PCIE Recommendations to Improve Single Audit Quality Are Based on Three-
Pronged Approach: 

The PCIE report recommended a three-pronged approach to reduce the 
types of deficiencies noted and improve the quality of single audits: 

1. revise and improve single audit standards, criteria, and guidance; 

2. establish minimum continuing professional education (CPE) as a 
prerequisite for auditors to be eligible to conduct and continue to 
perform single audits; and: 

3. review and enhance the disciplinary processes to address 
unacceptable audits and for not meeting training and CPE requirements. 

Revise and Improve Standards, Criteria and Guidance: 

More specifically, to improve standards, criteria, and guidance, the 
PCIE report recommended revisions to (1) OMB Circular No. A-133, (2) 
the AICPA Statement on Auditing Standards (SAS) No. 74, Compliance 
Auditing Considerations in Audits of Governmental Entities and 
Recipients of Governmental Financial Assistance, and (3) the AICPA 
Audit Guide, Current AICPA Audit Guide, collectively to: 

* emphasize correctly identifying major programs for which opinions are 
compliance are rendered; 

* make it clear when audit findings should be reported; 

* include more detailed requirements and guidance for compliance 
testing; 

* emphasize the minimal amount of documentation needed to document the 
auditor's understanding of, and testing of, internal control related to 
compliance; 

* provide specific examples of the kind of documentation needed for 
risk assessment of individual federal programs; 

* present illustrative examples of properly presented findings; 

* specify content and examples of SEFA and any effect on financial 
reporting; 

* emphasize requirements for management representations related to 
federal awards, similar to those for financial statement audits; 

* provide additional guidance about documenting materiality; and: 

* require compliance testing to be performed using sampling in a manner 
prescribed by the AICPA SAS No. 39, Audit Sampling, as amended, to 
provide for some consistency in sample sizes. 

Minimum CPE Requirements for Conducting Single Audits: 

The PCIE report recommendation called on OMB to amend its Circular No. 
A-133 to require that (1) as a prerequisite to performing a single 
audit, staff performing and supervising the single audit must have 
completed a comprehensive training program of a minimum specified 
duration (e.g., at least 16-24 hours); (2) every 2 years after 
completing the comprehensive training, auditors performing single 
audits complete a minimum specified amount of CPE; and (3) single 
audits may only be procured from auditors who meet the above training 
requirements. The PCIE report also recommends that OMB develop, or 
arrange for the development of, minimum content requirements for the 
required training, in consultation with the National State Auditors 
Association (NSAA), the AICPA and its Governmental Audit Quality Center 
(GAQC), and the cognizant and oversight agencies for audit. The report 
states that the minimum content should cover the essential components 
of single audits and emphasize aspects of single audits for which 
deficiencies were noted in this project. In addition, the report 
recommends that OMB develop, or arrange for the development of, minimum 
content requirements for the ongoing CPE and develop a process for 
modifying future content. 

The report further recommends that OMB encourage professional 
organizations, including the AICPA, the NSAA, and qualified training 
providers, to offer training that covers the required content. It also 
recommends that OMB encourage these groups to deliver the training in 
ways that enable auditors throughout the United States to take the 
training at locations near or at their places of business, including 
via technologies such as Webcasts, and that the training should be 
available at an affordable cost. The PCIE project report emphasizes 
that the training should be "hands on" and should cover areas where the 
project team specifically found weaknesses in the work or documentation 
in its statistical study of single audits. The report specifically 
stated that the training should cover requirements for properly 
documenting audit work in accordance with GAGAS and other topics 
related to the many deficiencies disclosed by the project, including 
critical and unique parts of a single audit, such as: 

* the auditors' determination of major programs for testing, 

* review and testing of internal controls over compliance, 

* compliance testing, 

* auditing procedures applicable to the SEFA, 

* how to use the OMB Compliance Supplement, and: 

* how to audit major programs not included in the Compliance 
Supplement. 

The PCIE report concludes that such training would require a minimum of 
16 to 24 hours, and that a few hours or an "overview" session will not 
suffice. We believe that the proposed training requirements would 
likely satisfy the criteria for meeting a portion of the CPE hours 
already required by GAGAS. 

Enhance Disciplinary Processes: 

This recommendation focuses on developing processes to address 
unacceptable audits and auditors not meeting the required training 
requirements. OMB Circular No. A-133 currently has sanctions that apply 
to an auditee (i.e., the entity being audited) for not having a 
properly conducted audit and requires cognizant agencies to refer 
auditors to licensing agencies and professional bodies in the case of 
major inadequacies and repetitive substandard work. The report noted 
that other federal laws and regulations do currently provide for 
suspension and debarment processes that can be applied to auditors of 
single audits. Some cognizant and oversight agency participants in the 
project team indicated that these processes are rarely initiated due to 
the perception that it is a large and costly effort. As a result, the 
report specifically recommends that OMB, with federal cognizant and 
oversight agencies, should (1) review the process of suspension and 
debarment to identify whether (and if so, how) it can be more 
efficiently and effectively applied to address unacceptable audits, and 
based on that review, pursue appropriate changes to the process; and 
(2) enter into a dialogue with the AICPA and State Boards of 
Accountancy to identify ways the AICPA and State Boards can further the 
quality of single audits and address the due professional care issues 
noted in the PCIE report. The report further recommends that OMB, with 
federal cognizant agencies, should also identify, review, and evaluate 
the potential effectiveness of other ways (both existing and new) to 
address unacceptable audits, including (but not limited to) (1) 
revising Circular No. A-133 to include sanctions to be applied to 
auditors for unacceptable work or for not meeting training and CPE 
requirements, and (2) considering potential legislation that would 
provide to federal cognizant and oversight agencies the authority to 
issue a fine as an option to address unacceptable audit work. 

GAO Analysis of PCIE Recommendations: 

While we support the recommendations made in the PCIE report, it will 
be important to resolve a number of issues regarding the proposed 
training requirement. Some of the unresolved questions involve the 
following: 

* What are the efficiency and cost-benefit considerations for providing 
the required training to the universe of auditors performing the 
approximately 38,500 single audits? 

* How can current mechanisms already in place, such as the AICPA's 
Government Audit Quality Center (GAQC), be leveraged for efficiency and 
effectiveness purposes in implementing new training? 

* Which levels of staff from each firm would be required to take 
training? 

* What mechanisms will be put in place to ensure compliance with the 
training requirement? 

* How will the training requirement impact the availability of 
sufficient, qualified audit firms to perform single audits? 

The effective implementation of the third prong, developing processes 
to address unacceptable audits and for auditors who do not meet 
professional requirements, is essential as the quality issues have been 
long-standing. We support the PCIE recommended actions to make the 
process more effective and efficient and to help ensure a consistent 
approach among federal agencies and their respective OIGs overseeing 
the single audit process. 

Additional Factors for Consideration When Determining Actions to 
Improve Audit Quality: 

In addition to the findings and recommendations of the PCIE report, we 
believe there are two other critical factors that need to be considered 
in determining actions that should be taken to improving audit quality: 
(1) the distribution of unacceptable audits and audits of limited 
reliability across the different dollar amounts of federal expenditures 
by grantee, as found in the PCIE study; and (2) the distribution of 
single audits by size in the universe of single audits. These factors 
are critical in effectively evaluating the potential dollar 
implications and efficiency and effectiveness of proposed actions. The 
PCIE study found that rates of unacceptable audits and audits of 
limited reliability were much higher for audits of entities in stratum 
2 (those expending less than $50 million in federal awards) than those 
in stratum 1 (those expending $50 million or more). 

Table 1 presented earlier in this testimony shows the data from the 
sample universe of single audits used by the PCIE. Analysis of the data 
shows that 97.8 percent of the total number of audits (37,671 of the 
38,523 total) covered approximately 16 percent ($143.1 billion of the 
$880.2 billion) of the total reported value of federal award 
expenditures, indicating significant differences in distributions of 
audits by dollar amount of federal expenditures. At the same time, the 
rates of unacceptable audits and audits of limited reliability were 
relatively higher in these smaller audits. 

We believe that there may be opportunities for considering size 
characteristics when implementing future actions to improve the 
effectiveness and quality of single audits. For instance, there may be 
merit to conducting a more refined analysis of the distribution of 
audits to determine whether less-complex approaches could be used for 
achieving accountability through the single audit process for a 
category of the smallest single audits. Such an approach may provide 
sufficient accountability for these smaller programs. 

An example of a less-complex approach consists of requirements for a 
financial audit in accordance with GAGAS, that includes the higher 
level reports on internal control and compliance along with an opinion 
on the SEFA and additional, limited or specified testing of compliance. 
Currently, the compliance testing in a single audit is driven by 
compliance requirements under OMB Circular No. A-133 as well as program-
specific requirements detailed in the compliance supplement. A less-
complicated approach could be used for a category of the smallest 
audits to replace the current approach to compliance testing, while 
still providing a level of assurance on the total amount of federal 
grant awards provided to the recipient. 

Another consideration for future actions is strengthening the oversight 
of the cognizant agency for audit with respect to auditees expending 
$50 million or more in federal awards. As shown in the data from the 
sample universe of single audits used by the PCIE, 852 audits (or 2.2 
percent) of the total 38,523 audits covered $737.2 billion (or 84 
percent) of the reported federal award expenditures. This distribution 
suggests that targeted and effective efforts on the part of cognizant 
agencies aimed at improving audit quality for those auditees that 
expend greater than $50 million could achieve a significant effect in 
terms of dollars of federal expenditures. 

Conclusions: 

We continue to support the single audit concept and principles behind 
the act as a key accountability mechanism over federal awards. It is 
essential that the audits are done properly in accordance with GAGAS 
and OMB requirements. The PCIE report presents compelling evidence that 
a serious shortfall in the quality of single audits continues to exist. 
Many of these quality issues are similar in nature to those reported by 
GAO and the Inspectors General since the 1980s. We believe that actions 
must be taken to improve audit quality and the overall accountability 
provided through single audits for federal awards. Without such action, 
we believe that substandard audits may provide a false sense of 
assurance and could mislead users of audit reports. While we support 
the recommendations made in the PCIE report, we believe that a number 
of issues regarding the proposed training requirements need to be 
resolved. 

The PCIE report results also showed a higher rate of acceptable audits 
for organizations with larger amounts of federal expenditures and 
showed that the vast majority of federal dollars are being covered by a 
small percentage of total audits. We believe that there may be 
opportunities for considering size characteristics when implementing 
future actions to improve the effectiveness and quality of single 
audits as an accountability mechanism. Considering the recommendations 
of the PCIE within this larger context will also be important to 
achieve the proper balance between risk and cost-effective 
accountability. 

In addition to the considerations surrounding the specific 
recommendations for improving audit quality, a separate effort taking 
into account the overall framework for single audits may be warranted. 
This effort could include answering questions such as the following: 

* What types of simplified alternatives exist for meeting the 
accountability objectives of the Single Audit Act for the smallest 
audits and what would the appropriate cutoff be for a less-complex 
audit requirement? 

* Is the current federal oversight structure for single audits adequate 
and consistent across federal agencies? 

* What alternative federal oversight structures could improve overall 
accountability and oversight in the single audit process? 

* Are federal oversight processes adequate and are sufficient resources 
being dedicated to oversight of single audits? 

* What role can the auditing profession play in increasing single audit 
quality? 

* Do the specific requirements in OMB Circular No. A-133 and the Single 
Audit Act need updating? 

Mr. Chairman, we would be pleased to work with the subcommittee as it 
considers additional steps to improve the single audit process and 
federal oversight and accountability over federal grant funds. Mr. 
Chairman and members of this subcommittee, this concludes my statement. 
I would be happy to answer any questions that you or members may have 
at this time. 

Contacts and Acknowledgments: 

For information about this statement, please contact Jeanette Franzel, 
Director, Financial Management and Assurance, at (202) 512-9471 or 
franzelj@gao.gov. Individuals who made key contributions to this 
testimony include Marcia Buchanan (Assistant Director), Robert Dacey, 
Abe Dymond, Heather Keister, Jason Kirwan, David Merrill, and Sabrina 
Springfield (Assistant Director). 

[End of section] 

Footnotes: 

[1] President's Council on Integrity and Efficiency (PCIE)/Executive 
Council on Integrity and Efficiency (ECIE), Report on National Single 
Audit Sampling Project (June 2007). The project was conducted under the 
auspices of the Audit Committee of the PCIE, as a collaborative effort 
involving PCIE member organizations, as well as a member of the ECIE 
and three State Auditors. The project was performed to determine the 
quality of single audits using statistical methods and to make 
recommendations to address noted audit quality issues. 

[2] Federal assistance, also known as federal awards, includes grants, 
loans, loan guarantees, property, cooperative agreements, interest 
subsidies, insurance, food commodities, direct appropriations, and 
federal cost reimbursement contracts. 

[3] Pub. L. No. 98-502, 98 Stat. 2327 (Oct. 19, 1984) (codified, as 
amended, at 31 U.S.C. §§ 7501-7507). 

[4] Grant recipients must prepare a SEFA for the period covered by 
their audited financial statements, which identifies all federal awards 
received and expended, and the federal programs under which they were 
received. Federal program and award identification shall include, as 
applicable, the Catalog of Federal Domestic Assistance (CFDA) title and 
number (assigned to a federal program), award number and year, name of 
the federal agency, and name of the pass-through entity. 

[5] GAGAS also provide standards for attestation engagements and 
performance audits. 

[6] Pub. L. No. 104-156, 110 Stat. 1396 (July 5, 1996). 

[7] The Federal Audit Clearinghouse Single Audit Database is maintained 
by the Bureau of Census in the Department of Commerce. It contains 
summary information on the auditor, the recipient and its federal 
programs, and the audit results. 

[8] The 1996 amendments changed the phrase "federal financial 
assistance" to "federal awards." 

[9] See 68 Fed. Reg. 38401 (June 27, 2003). 

[10] The Compliance Supplement is based on the requirements of the 1996 
Amendments and 1997 revisions to OMB Circular No. A-133, which provide 
for the issuance of a compliance supplement to assist auditors in 
performing the required audits. It provides a source of information for 
auditors to understand the federal program's objectives, procedures, 
and compliance requirements relevant to the audit as well as audit 
objectives and suggested audit procedures for determining compliance 
with these requirements. 

[11] GAO, CPA Audit Quality: Inspectors General Find Significant 
Problems, GAO/AFMD-86-20 (Dec. 5, 1985); CPA Audit Quality: Many 
Governmental Audits Do Not Comply With Professional Standards, GAO/ 
AFMD-86-33 (March 19,1986); Single Audit Act: Single Audit Quality Has 
Improved but Some Implementation Problems Remain, GAO/AFMD-89-72 (July 
27,1989). 

[12] GAO, Single Audit: Single Audit Act Effectiveness Issues, GAO-02-
877T (June 26, 2002). 

[13] Office of Management and Budget, Statement of the Honorable Mark 
W. Everson, Controller, Office of Federal Financial Management, Office 
of Management and Budget before the House Subcommittee on Government 
Efficiency, Financial Management, and Intergovernmental Relations (June 
26, 2002). 

[14] The percentages indicated as estimates in this paragraph are point 
estimates of the quality of single audits based on the stratified 
sample results for the universe of all 38,523 single audits from which 
the stratified sample was drawn. At the 90 percent confidence level, 
the margins of error range between ±5.3 and ±7.8 percentage points. 
Also, due to rounding, these percentages do not add to exactly 100 
percent. 

[15] Of these 63 audits, 9 had material reporting errors that resulted 
in the audits being considered unacceptable. The remaining 54 of the 63 
unacceptable audits were substandard. 

[16] GAO/AFMD-86-20. 

[17] GAO/AFMD-86-33. 

GAO's Mission: 

The Government Accountability Office, the audit, evaluation, and 
investigative arm of Congress, exists to support Congress in meeting 
its constitutional responsibilities and to help improve the performance 
and accountability of the federal government for the American people. 
GAO examines the use of public funds; evaluates federal programs and 
policies; and provides analyses, recommendations, and other assistance 
to help Congress make informed oversight, policy, and funding 
decisions. GAO's commitment to good government is reflected in its core 
values of accountability, integrity, and reliability. 

Obtaining Copies of GAO Reports and Testimony: 

The fastest and easiest way to obtain copies of GAO documents at no 
cost is through GAO's Web site [hyperlink, http://www.gao.gov]. Each 
weekday, GAO posts newly released reports, testimony, and 
correspondence on its Web site. To have GAO e-mail you a list of newly 
posted products every afternoon, go to [hyperlink, http://www.gao.gov] 
and select "E-mail Updates." 

Order by Mail or Phone: 

The first copy of each printed report is free. Additional copies are $2 
each. A check or money order should be made out to the Superintendent 
of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or 
more copies mailed to a single address are discounted 25 percent. 
Orders should be sent to: 

U.S. Government Accountability Office: 
441 G Street NW, Room LM: 
Washington, DC 20548: 

To order by Phone: 
Voice: (202) 512-6000: 
TDD: (202) 512-2537: 
Fax: (202) 512-6061: 

To Report Fraud, Waste, and Abuse in Federal Programs: 

Contact: 

Web site: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]: 
E-mail: fraudnet@gao.gov: 
Automated answering system: (800) 424-5454 or (202) 512-7470: 

Congressional Relations: 

Gloria Jarmon, Managing Director, jarmong@gao.gov: 
(202) 512-4400: 
U.S. Government Accountability Office: 
441 G Street NW, Room 7125: 
Washington, DC 20548: 

Public Affairs: 

Chuck Young, Managing Director, youngc1@gao.gov: 
(202) 512-4800: 
U.S. Government Accountability Office: 
441 G Street NW, Room 7149: 
Washington, DC 20548: